dc8e8f0c377f5f2ee19e22ae36a62793cbecdeef902f3c672ab9088b489764ad

Sharing

Copy URL Twitter E-mail

General

Target

dc8e8f0c377f5f2ee19e22ae36a62793cbecdeef902f3c672ab9088b489764ad
Size

577KB
MD5

6f612fdfc67bba28519235817480bf27
SHA1

5b06d27bb83e7ede65d3d904949983f6aaeba93b
SHA256

dc8e8f0c377f5f2ee19e22ae36a62793cbecdeef902f3c672ab9088b489764ad
SHA512

63716f7ed9b4a66c861f731dccd3594b659fcab071532562e1aaf5df48af05eaa68886068441ce7c78bfacfde25490a9062e0e0693999441e1286b82fa13233c
SSDEEP

12288:rArQyoXE8WsLXCHIQQlnEFb5fFqYkOqI0zs7bWNZtq33WG:rArQywIsjCoJNWNfvkOqI0zSWj83P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc8e8f0c377f5f2ee19e22ae36a62793cbecdeef902f3c672ab9088b489764ad

Files

dc8e8f0c377f5f2ee19e22ae36a62793cbecdeef902f3c672ab9088b489764ad
.exe windows:6 windows x86

f7137bdc55e0f050ab41c6e89bde8da5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundW

kernel32

CreateFileMappingW
MapViewOfFile
GetPrivateProfileStringA
GetModuleFileNameA
lstrlenW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
WritePrivateProfileStringA
GetCurrentDirectoryW
GetModuleHandleW
HeapSize
CreateFileW
GetProcessHeap
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
lstrcpyW
FindFirstFileExW
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetFileAttributesExW
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
HeapReAlloc
GetConsoleOutputCP
FlushFileBuffers
HeapAlloc
HeapFree
GetFileSizeEx
GetFileType
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetModuleHandleExW
ExitProcess
WideCharToMultiByte
GetCurrentProcessId
CloseHandle
lstrcpyA
lstrcatW
SetEvent
GetPrivateProfileStringW
CreateEventW
MultiByteToWideChar
UnmapViewOfFile
TerminateProcess
WritePrivateProfileStringW
WriteConsoleW
FindNextFileW
SetUnhandledExceptionFilter
GetModuleFileNameW
WriteFile
GetStdHandle
ReadFile
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
RaiseException
RtlUnwind
GetStringTypeW
GetCPInfo
CompareStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
UnhandledExceptionFilter
SetEndOfFile
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
LCMapStringEx
InitializeCriticalSectionEx

user32

TranslateMessage
TranslateAcceleratorW
DrawTextExW
LoadCursorW
LoadIconW
SystemParametersInfoW
wsprintfW
PostQuitMessage
DispatchMessageW
ShowWindow
UpdateWindow
LoadImageW
InvalidateRect
BeginPaint
SetDlgItemTextW
EndPaint
MessageBoxA
LoadStringW
GetWindowTextLengthW
EndDialog
SetWindowTextW
GetDlgItemTextA
SetTimer
GetWindowTextA
LoadAcceleratorsW
SetWindowTextA
GetDlgItemTextW
LoadBitmapW
GetDlgItem
KillTimer
GetWindowTextLengthA
DialogBoxParamW
GetMessageW
DefWindowProcW
DestroyWindow
MessageBoxW
CreateWindowExW
SendMessageW
RegisterClassExW
wsprintfA

gdi32

SelectObject
CreateCompatibleDC
GetStockObject
DeleteDC
SetTextColor
SetBkColor
DeleteObject
BitBlt

advapi32

RegQueryValueExA
RegOpenKeyExA
RegGetValueW
RegCloseKey

shell32

ShellExecuteExW
ShellExecuteA
SHGetFolderPathA
SHGetSpecialFolderPathA

shlwapi

PathFileExistsW
PathCombineW
StrChrW

ws2_32

ntohs
htonl
ntohl
freeaddrinfo
htons
inet_ntop
recv
gethostname
connect
closesocket
socket
send
WSAStartup
getaddrinfo
WSAAsyncSelect
WSACleanup

Sections

.text
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�X֣u�
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f7137bdc55e0f050ab41c6e89bde8da5

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

user32

gdi32

advapi32

shell32

shlwapi

ws2_32

Sections

.text Size: 209KB - Virtual size: 208KB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 5KB - Virtual size: 9KB

.rsrc Size: 278KB - Virtual size: 278KB

�X֣u� Size: 16KB - Virtual size: 20KB

.text
Size: 209KB - Virtual size: 208KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 5KB - Virtual size: 9KB

.rsrc
Size: 278KB - Virtual size: 278KB

�X֣u�
Size: 16KB - Virtual size: 20KB